Seizure of Computer Devices Without Authorization and Procedural Consequences: Cassation Court No. 13585/2025
Technology increasingly enters courtrooms, and the line between investigative effectiveness and the protection of fundamental rights becomes thin. With judgment no. 13585/2025, the VI Criminal Section of the Court of Cassation addresses a crucial issue: what happens when the public prosecutor proceeds with the seizure of smartphones or hard drives without prior judicial authorization, in apparent contrast with European regulations on the processing of personal data?
The Procedural Case and the Question Posed to the Court
In the specific case, the Public Prosecutor ordered the seizure of A. C.'s phone as part of an investigation into corporate crimes. The defense objected to the inadmissibility of the acquired data, citing Article 191 of the Code of Criminal Procedure (c.p.p.) and Directive (EU) 2016/680, as re-examined by the recent CJEU decision C-548/21 of October 4, 2024. However, the Salerno Review Court, by order no. 25/11/2024, validated the seizure. The matter finally reached the Court of Cassation.
The seizure of data contained in a computer device for criminal investigation purposes, carried out by the public prosecutor without prior judicial authorization, in violation of Directive (EU) 2016/680, as interpreted by the judgment of the Court of Justice of the European Union of October 4, 2024, in case C-548/21, does not lead to the inadmissibility of the evidence thus acquired, but to the nullity of the act, which cannot be raised if, regarding the seizure itself, the review court has ruled, as in such a case, an effective and independent examination of the necessity, proportionality, and minimization of data acquisition has been guaranteed.
The maxim highlights the Court's choice: to favor the remedy of nullity—which can be remedied—over absolute inadmissibility, which is traditionally more detrimental to the prosecution.
Constitutional and European Interpretation: Directive 2016/680 and Judgment C-548/21
Directive 2016/680, transposed by Legislative Decree 51/2018, requires that the collection of personal data for policing purposes be *necessary, proportionate, and limited* to what is strictly useful. The CJEU, in case C-548/21, specified that prior control by the judicial authority constitutes the primary safeguard for the protection of data subjects.
The Court of Cassation does not ignore this approach but reintegrates it into the framework of our criminal procedure, where Articles 253 and 354 of the c.p.p. allow the Public Prosecutor to proceed urgently, leaving subsequent review to the judge through the review procedure under Article 324 of the c.p.p. According to the Court, this ex-post filter still ensures an "effective and independent examination" in line with European standards.
Nullity, Not Inadmissibility: Practical Implications
The central point is the different fate of the evidence:
- Inadmissibility: It completely eliminates the data from the case file and cannot be remedied.
- Nullity: It invalidates the act but can be remedied if the data subject does not raise an objection in a timely manner (Article 182 c.p.p.) or if the review court intervenes.
Judgment no. 13585/2025 states that once the review court has confirmed the seizure, the nullity can no longer be raised; the defense must therefore act promptly within the legal deadlines. This necessitates faster defense strategies, taking advantage of the opportunity to contest the lack of authorization *immediately*.
The reference to Articles 7 and 8 of the Charter of Nice is interesting: the Court reiterates that privacy and data protection remain fundamental rights, but they must be balanced with the need for effective criminal proceedings.
Conclusions
With decision no. 13585/2025, the Court of Cassation strikes a balance between European rigor and the peculiarities of our legal system. Seizure without prior authorization does not render the evidentiary material inadmissible but is subject to a curable nullity if the review court intervenes. For legal professionals, the message is twofold: on the one hand, rigorous standards of necessity and proportionality must be demanded; on the other hand, it is crucial to raise objections of nullity promptly, before judicial review leads to its remedy. In a context where digital forensics is now a daily practice, the correct application of these principles becomes essential to ensure a fair trial that respects fundamental rights.
